@pahud
Contributor

@pahud pahud commented Aug 15, 2025

Issue # (if applicable)

Closes #35242.

Reason for this change

The SubnetV2 construct was missing support for availabilityZoneId, which is essential for cross-account deployments where availability zone names can map to different physical zones across accounts, but availability zone IDs remain consistent.

Users needed the ability to specify subnets using AZ IDs instead of AZ names to ensure consistent placement across AWS accounts, particularly in scenarios involving:

  • Cross-account VPC peering
  • Multi-account architectures
  • Disaster recovery setups where precise AZ placement is critical

Description of changes

API Enhancement:

  • Made availabilityZone property optional in SubnetV2Props
  • Added new availabilityZoneId property to SubnetV2Props
  • Added mutual exclusion validation ensuring exactly one of availabilityZone or availabilityZoneId is specified
  • Updated CloudFormation resource to pass availabilityZoneId when provided
  • Enhanced availabilityZone getter to fall back to subnet.attrAvailabilityZone when using AZ ID
  • Added availabilityZoneId property to SubnetV2Attributes interface for import scenarios

Documentation:

  • Added comprehensive README section explaining when to use AZ IDs vs AZ names
  • Documented cross-account use cases and AZ ID account-specific behavior
  • Provided clear examples showing both usage patterns
  • Added important caveats about AZ ID availability per account

Testing:

  • Created comprehensive integration test (integ.subnet-v2-zoneId.ts) with multiple test scenarios
  • Added unit tests covering AZ ID validation, different formats, and multi-AZ scenarios
  • Added tests for error conditions (both specified, neither specified)
  • Added tests for IPv6 compatibility with AZ IDs
  • Generated integration test snapshots for CloudFormation template validation

Key Implementation Details:

  • Validation ensures mutual exclusivity of availabilityZone and availabilityZoneId
  • CloudFormation resource correctly sets either AvailabilityZone or AvailabilityZoneId property
  • Maintains backward compatibility - existing code using availabilityZone continues to work
  • Integration test includes account-specific AZ ID mapping with proper documentation

Describe any new or updated permissions being added

N/A - No new IAM permissions required. This change only adds a new property to specify availability zones using AZ IDs instead of AZ names.

Description of how you validated changes

Unit Tests:

  • Added 6 new unit test cases covering all AZ ID scenarios:
    • Basic AZ ID creation and CloudFormation property validation
    • Error handling for mutual exclusion and missing specification
    • IPv6 compatibility with AZ IDs
    • Different AZ ID formats across regions (use1-az1, usw2-az1, euw1-az1)
    • Multi-AZ scenarios with different AZ IDs
  • All existing unit tests continue to pass, ensuring backward compatibility

Integration Tests:

  • Created comprehensive integration test with 4 different scenarios:
    • Hardcoded AZ ID usage
    • AZ ID from CloudFormation mapping
    • Context-based AZ ID with fallback
    • Multiple subnets across different AZ IDs
  • Generated and validated CloudFormation snapshots
  • Test includes proper CIDR allocation and account-specific AZ ID mapping
  • Region restriction rationale: Test is restricted to us-east-1 because:
    • AZ ID mapping is hardcoded for us-east-1 format (use1-az1, use1-az2, etc.)
    • Different regions have different AZ ID prefixes (e.g., usw2-az1 for us-west-2, euw1-az1 for eu-west-1)
    • Each region has varying numbers of availability zones
    • Supporting multiple regions would require region-specific mappings for each test account
    • AZ IDs are account-specific, so the hardcoded mapping only works for the specific test account in us-east-1
  • Added extensive documentation explaining these region restrictions and AZ ID account-specific behavior

Checklist


By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license

…ting

- Enhanced README with clearer guidance on when to use availabilityZoneId vs availabilityZone
- Added account-specific AZ ID caveat and cross-account use case explanation
- Improved integration test comments with region restriction rationale and AZ ID mapping warnings
- Added unit tests for different AZ ID formats and multi-AZ scenarios
- Fixed integration test CIDR conflicts and updated AZ ID mapping for actual account
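The PR body above describes three behaviours: exactly one of availabilityZone or availabilityZoneId must be set, the chosen value is passed through to the CloudFormation subnet resource as AvailabilityZone or AvailabilityZoneId, and the availabilityZone getter falls back to the resource attribute when the subnet was placed by ID. The following is an added example, not code from aws-cdk or from this PR; it models that logic stand-alone in TypeScript so the cross-account point can be exercised without deploying anything. ZoneProps, CfnSubnetZoneProps, resolveZoneProps, availabilityZoneFor, physicalZone and the per-account name-to-ID table are all hypothetical names and constructed data, and the AZ ID pattern check is an assumption that covers standard zone IDs only.

```typescript
// Added example, not aws-cdk code. Models the SubnetV2 zone validation described in
// the PR with hypothetical names; none of these types exist in the library.

interface ZoneProps {
  availabilityZone?: string;   // AZ name, e.g. 'us-east-1a' (mapping differs per account)
  availabilityZoneId?: string; // AZ ID, e.g. 'use1-az1' (identifies the same physical zone everywhere)
}

// Zone-related properties as they would land on an AWS::EC2::Subnet resource.
interface CfnSubnetZoneProps {
  availabilityZone?: string;
  availabilityZoneId?: string;
}

// Assumption: standard AZ IDs look like '<region abbrev><n>-az<n>' (use1-az1, usw2-az1, euw1-az1).
// Local Zone and Wavelength Zone IDs have other shapes and are rejected by this check.
const AZ_ID_PATTERN = /^[a-z]{2,4}\d-az\d+$/;

function isStandardAzId(id: string): boolean {
  return AZ_ID_PATTERN.test(id);
}

// Mutual exclusion: exactly one of the two properties must be present. Returns the
// single property that would be set on the CloudFormation resource.
function resolveZoneProps(props: ZoneProps): CfnSubnetZoneProps {
  const hasName = props.availabilityZone !== undefined;
  const hasId = props.availabilityZoneId !== undefined;
  if (hasName && hasId) {
    throw new Error('Specify either availabilityZone or availabilityZoneId, not both');
  }
  if (!hasName && !hasId) {
    throw new Error('One of availabilityZone or availabilityZoneId must be specified');
  }
  if (hasId && !isStandardAzId(props.availabilityZoneId as string)) {
    throw new Error(`'${props.availabilityZoneId}' is not a standard AZ ID (expected e.g. use1-az1)`);
  }
  return hasId
    ? { availabilityZoneId: props.availabilityZoneId }
    : { availabilityZone: props.availabilityZone };
}

// Placeholder standing in for a CDK token that resolves to the subnet's
// AvailabilityZone attribute at deploy time (hypothetical string, not a CDK token).
const ATTR_AVAILABILITY_ZONE_PLACEHOLDER = '<AWS::EC2::Subnet AvailabilityZone attribute>';

// Getter fallback: when the subnet is placed by ID, the AZ name is only known after
// deployment, so an attribute reference is returned instead of a literal name.
function availabilityZoneFor(props: ZoneProps): string {
  const cfn = resolveZoneProps(props);
  return cfn.availabilityZone ?? ATTR_AVAILABILITY_ZONE_PLACEHOLDER;
}

// Constructed sample data (not real account mappings): the same AZ name points at a
// different physical zone in each account, which is the problem AZ IDs avoid.
const SAMPLE_ACCOUNT_AZ_MAP: Record<string, Record<string, string>> = {
  '111111111111': { 'us-east-1a': 'use1-az2', 'us-east-1b': 'use1-az4' },
  '222222222222': { 'us-east-1a': 'use1-az4', 'us-east-1b': 'use1-az2' },
};

// Physical zone (as an AZ ID) a subnet ends up in for a given account. Placing by ID
// is account-independent; placing by name goes through the per-account table.
function physicalZone(account: string, props: ZoneProps): string {
  const cfn = resolveZoneProps(props);
  if (cfn.availabilityZoneId !== undefined) {
    return cfn.availabilityZoneId;
  }
  const name = cfn.availabilityZone as string;
  const id = SAMPLE_ACCOUNT_AZ_MAP[account]?.[name];
  if (id === undefined) {
    throw new Error(`AZ name ${name} is not known in account ${account}`);
  }
  return id;
}
```

With the constructed table, placing a subnet by the name us-east-1a puts account 111111111111 in use1-az2 but account 222222222222 in use1-az4, so a peered pair of subnets built from the same name would not share a physical zone; placing both by the ID use1-az2 gives the same zone in each account. The format check is the one addition a practitioner would want on top of the mutual-exclusion rule: passing a name such as us-east-1a in the availabilityZoneId slot fails at synth time instead of at deploy time.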
@github-actions github-actions bot added the labels effort/medium (Medium work item – several days of effort), feature-request (A feature should be added or improved.) and p2 on Aug 15, 2025
@aws-cdk-automation aws-cdk-automation requested a review from a team August 15, 2025 17:17
@mergify mergify bot added the contribution/core This is a PR that came from AWS. label Aug 15, 2025
Collaborator

@aws-cdk-automation aws-cdk-automation left a comment

(This review is outdated)

@pahud pahud changed the title from "feat(aws-ec2-alpha): improve availabilityZoneId documentation and tes…" to "feat(ec2-alpha): improve availabilityZoneId documentation and tes…" on Aug 15, 2025
@aws-cdk-automation aws-cdk-automation dismissed their stale review August 15, 2025 18:48

✅ Updated pull request passes all PRLinter validations. Dismissing previous PRLinter review.

@pahud pahud changed the title from "feat(ec2-alpha): improve availabilityZoneId documentation and tes…" to "feat(ec2-alpha): support availability zone id in SubnetV2" on Aug 16, 2025
@pahud pahud marked this pull request as ready for review August 16, 2025 20:02
Successfully merging this pull request may close these issues.

@aws-cdk/aws-ec2-alpha: support availability zone id in SubnetV2